General

What exactly is Cisco AVC?

Cisco Application Visibility and Control (AVC) is a solution that combines multiple technologies of the Cisco ASR 1000 Series Aggregation Services Routers (ASR 1000) and Cisco Integrated Services Routers Generation 2 (ISR G2) with network management tools to provide a powerful, pervasive, integrated solution for discovering and controlling applications. Network administrators gain visibility into the applications running in their network and their performance, and can apply application policy control to improve application performance and control network resource usage.

How does Cisco AVC work?

AVC works by enabling the software features within the Cisco ASR 1000 and Cisco ISR G2, in conjunction with network management tools, to perform the following functions:

Application recognition - uses Deep Packet Inspection (DPI) to recognize and identify applications regardless of port number

Performance monitoring - uses embedded monitoring capabilities within the routers to extract and collect application usage and performance metrics, then aggregates and exports this information to network management tools using open export formats such as NetFlow Version 9 and IPFIX

Network management - enables Cisco and 3rd party network management tools to present visualizations to end users, to provide feedback, and to implement policy on network devices to fine-tune performance

Control - controls per-application bandwidth usage and intelligently selects the path used to deliver an application based on real-time performance

Which technologies are used in Cisco AVC?

Cisco® AVC consists of the following technologies:

Next-generation DPI technology called NBAR2, which can identify more than 1000 applications and supports application categorization, with the ability to perform in-service updates of application signatures.

Performance collection engine to collect Application Response Time (ART) for TCP applications, and Media Monitoring (MMON) to collect voice and video performance metrics such as jitter and loss. All the information is exported through the Flexible NetFlow infrastructure.

Reporting and management tools, such as Cisco Prime™ Infrastructure with the Assurance module, an enterprise-grade infrastructure management and service monitoring tool for reporting on application and network performance, and a number of AVC Cisco Developer Network (CDN) partners such as ActionPacked, InfoVista, LivingObjects, and Plixer.

QoS to facilitate optimization and control of application performance.

Can I run AVC if I have FPI license (FLASR1-FPI-RTU)?

Is there a demo license for AVC?

The AVC license on the router is a right-to-use (RTU) license. In other words, this is a trust-based license and is available on the ASR1000 and ISR G2. Customers can enable the license for demo and evaluation purposes for up to 60 days.

Do I need an AVC license if I want to use NBAR2 and QoS?

Yes. Both NBAR2 and QoS are components of AVC, used together to provide per-application bandwidth control.

Features and Functionalities

Where can I find AVC performance information?

The AVC performance depends on a number of factors, such as platform, memory, ESP (in case of ASR 1000), traffic profile, and features.

Do we support PBR with NBAR2 as part of AVC?

As of today, QoS and PfR are the main control mechanisms for AVC. We are looking to add newer forms of control in future releases, and PBR is one of those being investigated. Please reach out to the ask-avc-pm alias for more specifics.

Will IPFIX export be supported with AVC?

IPFIX is supported as of XE 3.7S and 15.2(4)M2.

How easy is it for a customer to use AVC to control P2P traffic?

AVC identifies more than 1000 applications, several of which are P2P applications. In addition, AVC has a special category for P2P applications, which customers can use in their QoS policies to filter or rate limit P2P traffic. The following example shows how to identify and limit P2P applications.

Is AVC IPv6 aware?

Does AVC work with ISG or PPP?

AVC is not yet supported on the ISG subscriber-side interface. Configuring AVC on the uplink interface is supported. NBAR2 and QoS are supported on the PPP virtual-template interface. We have tested up to 4000 PPP virtual-access interfaces.

Does AVC support VRF?

On Cisco ASR 1000, AVC can also collect and export information per VRF.

NBAR2

How many match protocol http url statements can an ASR support?

Currently, 20 match protocol http url statements are allowed. An error is generated if more than 20 are attempted.

What is the multi-stage classification introduced in IOS XE 3.7S?

For applications such as flash-video, NBAR2 needs a few packets to determine the application. Before this feature, NBAR identified the application as unknown until the final classification. This feature allows NBAR2 to store the interim classification information as unknown -> HTTP -> flash-video. Features such as ip nbar protocol-discovery can use the interim classification information to reduce the number of packets classified as unknown because NBAR2 cannot yet identify the final application.

Do I need to upgrade my router software to get the latest NBAR2 signatures?

No. AVC uses NBAR2, which supports application signature updates through the NBAR2 Protocol Pack, so new application signatures can be loaded into the routers while the routers are in service. The minimum software releases that support loading an NBAR2 Protocol Pack are IOS XE 3.7S and IOS 15.2(4)M2.

What is the process of installing a protocol pack on the router, and what is the impact?

The protocol pack is provided as a file which needs to be put on the router flash. Then apply the configuration ip nbar protocol-pack <path_to_protocol_pack> to load the new protocol pack. This deactivates the built-in protocol pack which comes with the IOS release, and the router starts using the new protocol pack. During this process, active traffic may be misclassified, which may last for 15-60 seconds depending on your router CPU load.

In 15.2(4)M2 and XE 3.8S, NBAR2 supports URL-based custom applications. How many custom applications can be supported?

URL-based custom applications let users define custom applications based on the HTTP hostname, the URI, or both. NBAR2 supports up to 121 custom applications. Out of these 121 custom applications, up to 65 can be URL-based.

How many stateful signatures does NBAR2 support?

NBAR2 supports 256 stateful signatures. These are the signatures identified in show ip nbar protocol-id as type L7 STANDARD. In 15.2(4)M2 and 3.7S, there are 189 stateful signatures. This 256-signature limit will be increased in the next IOS and IOS XE release.

How does NBAR2 identify SSL applications without decrypting them?

For SSL applications, e.g. webex and office 365, NBAR2 uses the information available during the certificate exchange to identify the application. This avoids the need to decrypt traffic, which is a very expensive operation for the router.
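
The idea described above, as an added example (not Cisco's or NBAR2's code): a parser that reads the subject commonName from a cleartext TLS Certificate message and maps it to an application name. The suffix table, the function names and the sample records are constructed for illustration, and the code assumes the whole Certificate message fits in one TLS record.

```python
CN_OID = bytes([0x55, 0x04, 0x03])            # OID 2.5.4.3, commonName
SIGNATURES = {".webex.com": "webex",          # hypothetical suffix table,
              ".office365.com": "office365"}  # not NBAR2's real signatures

def read_tlv(buf, pos):                       # -> (tag, value, next_pos)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                         # long-form DER length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(value):                          # elements of a constructed DER value
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def subject_cn(cert_der):                     # subject commonName, or None
    tbs = children(children(read_tlv(cert_der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:                     # skip optional [0] version
        tbs = tbs[1:]
    for _, rdn in children(tbs[4][1]):        # serial, alg, issuer, validity, subject
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)[:2]
            if oid == CN_OID:
                return val.decode("ascii", "replace")
    return None

def classify(record):                         # one TLS record -> application name
    if len(record) < 15 or record[0] != 22 or record[5] != 11:
        return "unknown"                      # not a handshake/Certificate record
    # offsets: record header 5, handshake header 4, list length 3, cert length 3
    cert_len = int.from_bytes(record[12:15], "big")
    cn = (subject_cn(record[15:15 + cert_len]) or "").lower()
    return next((a for s, a in SIGNATURES.items() if cn.endswith(s)), "ssl")

def tlv(tag, body):                           # short-form DER encoder, sample data only
    return bytes([tag, len(body)]) + body

def sample_record(cn):                        # constructed record, abbreviated certificate
    name = lambda s: tlv(0x30, tlv(0x31, tlv(0x30, tlv(6, CN_OID) + tlv(0x0C, s.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01") + tlv(0x30, b"")
              + name("Example CA") + tlv(0x30, b"") + name(cn))
    p3 = lambda b: len(b).to_bytes(3, "big") + b   # 3-byte length prefix
    hs = b"\x0b" + p3(p3(p3(tlv(0x30, tbs))))      # msg, cert list, certificate
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs
```

In TLS 1.3 the Certificate message is encrypted, so a classifier of this kind only sees it in TLS 1.2 and earlier handshakes.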

FNF

Can I configure FNF to export data out of the ASR1K management interface?

No, exporting FNF from the ASR1K management interface is not supported. FNF supports exporting the data out of an interface inside a VRF.

I see a sampler in the example for the ASR1K AVC config. Do I need it?

A sampler lets the ASR1K sample only a selected number of connections, which reduces the load on the ASR1K in Internet Edge deployments. Currently, a sampler is required for the ASR1K to send a flow record, which Insight uses to discover the ASR1K device. It is mandatory for the ASR1K AVC solution.

Management Tool

What are the management tools that we can use with AVC?

AVC exports information using open export formats such as NetFlow Version 9 and IPFIX. This allows Cisco and 3rd party network management products to support Cisco AVC. Cisco Prime™ Infrastructure with the Assurance module supports Cisco AVC. In addition, there are already AVC Cisco Developer Network (CDN) partners such as ActionPacked, InfoVista, LivingObjects, and Plixer. If the network management tool you are interested in is not in this list, please contact ask-avc-pm.

Which 3rd party tools support the AVC solution today and what do they support?

A number of AVC Cisco Developer Network (CDN) partners support it, such as ActionPacked, InfoVista, LivingObjects, Plixer, CA and Compuware.

Is there a multi-tenant capable management tool available with AVC?

Cisco Prime Infrastructure 1.2 supports per-user application usage. Cisco Prime Infrastructure 2.0 adds further user-based reports, such as Top N users per application. User information is obtained by having Cisco Prime Infrastructure manage the access switches and WLC, with 802.1x enabled.

IOS Performance Agent

What is IOS Performance Agent, and how does it fit into Cisco AVC?

IOS Performance Agent (PA) is one of the software features used by Cisco AVC. It collects and exports Application Response Time (ART) metrics such as Network Delay, Response Time, and Transaction Time for TCP applications. Network administrators can use this information to better understand application performance and bottlenecks in the network.